Foreign states may use US spyware

The USA is engaging in “offensive cyber warfare,” Kristinn Hrafnsson, spokesman for whistleblower organization WikiLeaks, said following the unmasking of a sophisticated hacking ring that has infected thousands of computers in over 30 countries.

Moscow-based security firm Kaspersky Labs revealed a trove of evidence showing that sophisticated surveillance systems had been embedded in thousands of computers belonging to officials, scientists, businessmen and journalists in states such as Russia, Iran and China starting from 2001, by what it called the Equation Group.

The NSA hasn’t admitted sponsoring the Equation Group – which appears to be lavishly resourced – but circumstantial evidence points to US involvement. Most of the computers infected are located in countries that enjoy a rocky relationship with Washington, while some of the infiltration techniques bear the hallmarks of other operations where the US has been ostensibly involved, such as the Stuxnet virus. Two anonymous sources, formerly with the NSA, also confirmed the existence of the espionage capabilities described by the internet security firm Kaspersky.

“Who is the real criminal?” Hrafnsson asked, during a live interview. “We have been led to believe that the real danger of cyber warfare is from China or North Korea. But I think the real danger here is the US, the superpower. And they can cause real havoc all over the world with their technologies.”

One of the most powerful in a suite of tools used by the team was a virus that attached itself to the in-built programming (firmware) of hard disks made by almost every top manufacturer. The malware allowed the hackers to take over the computer before the operating system even loaded up for the first time, and has likely existed at least since 2007.

“We are not surprised. We should not be taken aback by anything after what we have learned from Edward Snowden, but we are surprised by the sophistication,” said the Icelandic journalist, who has worked with Julian Assange’s WikiLeaks since 2010. “To go to the core of the computer, which makes it almost impossible to detect, is something that we haven’t seen before.” Hrafnsson says the National Security Agency is likely behind the operation: “there is no other agent that has the ability and the resources to do this.”

Today’s NSA top secret techniques are tomorrow’s public hacking tools

Acclaimed cryptologist and cyber-security expert Bruce Schneier also believes that the uncovered techniques could belong to the NSA – or its British partner, GCHQ. “Right now these are NSA and other military techniques but today’s top secret programs become tomorrow’s PhD theses, and the next day’s hacking tools. So what we are seeing in this military-grade malware is the preview of what criminals are going to do in 3-5 years and what we are learning is that attack is a lot easier than defense,” he said.

“It seems obvious these are NSA techniques – the codenames are the same, they are very similar to an NSA catalogue that was revealed by Der Spiegel in December 2013. You look at the targets list – it’s the list of US enemies. So it seems clear that if this is not the US, it’s the UK, but it is definitely our side doing it.” He says these revelations show what the criminals of tomorrow may do.

At the same time, Schneier believes that while government cannot be expected not to spy at all, techniques like those exposed by Kaspersky are better than blanket wiretapping because they are targeted. “They are not the NSA spying on everybody to get at one person. They are the NSA targeting legitimate enemies. And that is really the best we can expect the governments to do. We can’t expect them to stop spying. We want them to target.”

Karsten Nohl, chief scientist at Security Research Labs in Berlin, says Kaspersky specialists have provided great insights into a complex hacking system and obviously spent a lot of time connecting puzzle pieces, which were available to other researchers too, to paint a devastating picture of a very capable threat actor that went unnoticed for a long time. “From all evidence we have seen so far, the US connection seems quite clear. Lots of evidence like text strings in these different viruses that we have seen over a whole decade of work can be linked to other US malware, for instance Stuxnet,” Nohl said.

“And adding to that, who else would have been able to afford such a comprehensive hacking program 13 years ago, when this attack started? I think only the US had budgets like this back then for major hacking of worldwide computer network.”